Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Listingpro
(Cridio)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-07 | CVE-2020-36719 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin. | Listingpro | 9.8 | ||
| 2023-06-07 | CVE-2020-36723 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts. | Listingpro | 5.3 | ||
| 2024-08-29 | CVE-2024-38795 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4. | Listingpro | 9.8 | ||
| 2024-08-29 | CVE-2024-39620 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4. | Listingpro | 8.8 | ||
| 2024-08-29 | CVE-2024-39622 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4. | Listingpro | 9.8 | ||
| 2019-12-26 | CVE-2019-19541 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. | Listingpro | N/A | ||
| 2019-12-26 | CVE-2019-19540 | The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | Listingpro | N/A | ||
| 2019-12-26 | CVE-2019-19542 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. | Listingpro | N/A |